Cyber Security GRC Analyst for Joint Ventures, Acquisitions, and Affiliates

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This job is posted as HYBRID, and requires up to 3 days a week from our Dearborn, MI office.

Visa sponsorship & Relocation is NOT available for this position.

As part of the Global Cybersecurity GRC (Governance, Risk, and Compliance) service team, the Cybersecurity Analyst for Joint Ventures, Acquisitions, and Affiliates identifies and assess potential security risks in the IT environment related to Joint Ventures, new acquisitions, unintegrated affiliates, and divestitures and performs thorough cyber security risk assessments of the target company's infrastructure, applications, data, and policies for these entities and projects. 

Given the fast-paced nature of the work, which reflects the continually evolving technology and cyber landscape, a high level of resilience and commitment to continuous learning are essential. In order to better support Ford business growth and compliance needs, this highly visible role will require the collaboration with business partners, various internal IT teams, internal control/legal/contracts teams, senior leadership, JVs and external vendors to assess, mitigate and monitor potential cybersecurity risks during mergers, acquisitions, and divestitures, and JV IT Security operations. 

• Support the due diligence process on potential acquisitions
• Serve as a single point of contact for IT security-related concerns for M&A targets from pre-acquisition through divestiture by providing risk-based IT security insights to support business decision making. 
• Conduct IT security risk assessments of M&A targets, joint ventures, and unintegrated affiliates as needed throughout the engagement process, from initiation to closure. 
• Advise on fit-for-purpose security solutions to ensure the JVs and affiliates are safe, secure, and compliant.  
• Provide appropriate IT security recommendations for existing entities, acquisitions, and joint ventures based on changing business needs & requirements. 
• Partner with the line of business to provide guidance in the development of integration and secure-in-place plans, risk impact of key decisions, and considerations for mitigations where risk is accepted.
• Support integration and divestiture plan standardization as well as plans and oversee post-merger integration activities from the IT Security point of view. 
• Cultivate relationships with other stakeholders and consult with subject matter experts on various skill teams (e.g., GDI&A, Corporate Security, In-Vehicle/Mobility Cyber Security, HR, Internal Controls, Internal Audit, Cyber Security, IT operational (EPEO). etc.) to ensure compliance with legal, regulatory and industry standards. 

Must Have Skills:

• Bachelor's degree in IT/Cybersecurity or a relevant business discipline
• 3+ years of experience in a similar or related role with meaningful experience in Mergers & Acquisitions or the startup business space.
• 2+ years of Security and Controls, IT audit, or equivalent experience 
• Knowledge of security frameworks (e.g., NIST CSF or ISO 27001), security processes (e.g., 3rd party management, risk management), and Standards (e.g., ICS)
• Excellent verbal and written communication skills and the ability to communicate with all levels of management 
• Self-Starter who can lead when requirements are unknown and drive to a plan
• Strong organizational skills; able to advance multiple work streams concurrently
• Capability to manage multiple initiatives straight, including diverse projects and project types to ensure robust IT security as part of successful M&A engagements.

Desired Skills:

• Understanding of cybersecurity architecture, threat modeling, control design, and related technical assessments across a broad range of cybersecurity domains and their applicability across the M&A lifecycle.
• Knowledge of ISP and GRC-related tools 
• Strong project management skills 

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:

• Immediate medical, dental, vision and prescription drug coverage
• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more
• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more
• Vehicle discount program for employees and family members and management leases
• Tuition assistance
• Established and active employee resource groups
• Paid time off for individual and team community service
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day
• Paid time off and the option to purchase additional vacation time.

This position is a range of salary grades GSR 7-8

For more information on salary and benefits, click here: https://fordcareers.co/GSRnon-HTHD

Visa sponsorship & Relocation is NOT available for this position.

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer committed to a culturally diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

Onsite work of up to three days per week may be required for candidates within commuting distance of a Ford hub location.  #LI-Hybrid